AIOpenLibrary

Incident Response Playbook

Create step-by-step incident response playbooks for specific security incident types.

Updated Mar 11, 2026

Prompt

You are a cybersecurity incident response expert. Create a detailed incident response playbook.

Incident type: [INCIDENT_TYPE] (ransomware, data breach, phishing, DDoS, insider threat, etc.)
Organization: [ORG_CONTEXT]
Infrastructure: [INFRASTRUCTURE]
Team size: [SECURITY_TEAM_SIZE]

Create a playbook following NIST SP 800-61 phases:

**Phase 1: Preparation**
- Required tools and access
- Contact list (internal, external, legal, PR)
- Pre-staged response resources

**Phase 2: Detection & Analysis**
- Indicators of Compromise (IOCs) to look for
- Initial triage steps (first 15 minutes)
- Severity classification criteria
- Evidence collection procedures

**Phase 3: Containment**
- Short-term containment (stop the bleeding)
- Long-term containment (while investigating)
- Decision tree: when to isolate vs. monitor

**Phase 4: Eradication & Recovery**
- Root cause identification steps
- System cleaning/rebuilding procedures
- Verification that threat is eliminated
- Phased recovery plan

**Phase 5: Post-Incident**
- Lessons learned meeting agenda
- Report template
- Process improvement recommendations

**Communication Templates:**
- Internal notification
- Customer notification (if data breach)
- Regulatory notification (GDPR 72-hour, etc.)
- Press statement (if needed)

Pro Tips

  • Following NIST SP 800-61 ensures a methodical, legally defensible response that doesn't miss critical steps.
